~azzar1/unity/add-show-desktop-key : contents of www/php/phpBB3/includes/auth/auth

~azzar1/unity/add-show-desktop-key : (revision 830)

<?php
/**
* Apache auth plug-in for phpBB3
*
* Authentication plug-ins is largely down to Sergey Kanareykin, our thanks to him.
*
* @package login
* @version $Id: auth_apache.php,v 1.18 2007/10/05 12:42:06 acydburn Exp $
* @copyright (c) 2005 phpBB Group
* @license http://opensource.org/licenses/gpl-license.php GNU Public License
*
*/

/**
* @ignore
*/
if (!defined('IN_PHPBB'))
{
	exit;
}

/**
* Checks whether the user is identified to apache
* Only allow changing authentication to apache if the user is identified
* Called in acp_board while setting authentication plugins
*
* @return boolean|string false if the user is identified and else an error message
*/
function init_apache()
{
	global $user;

	if (!isset($_SERVER['PHP_AUTH_USER']) || $user->data['username'] !== $_SERVER['PHP_AUTH_USER'])
	{
		return $user->lang['APACHE_SETUP_BEFORE_USE'];
	}
	return false;
}

/**
* Login function
*/
function login_apache(&$username, &$password)
{
	global $db;

	// do not allow empty password
	if (!$password)
	{
		return array(
			'status'	=> LOGIN_BREAK,
			'error_msg'	=> 'NO_PASSWORD_SUPPLIED',
		);
	}

	if (!isset($_SERVER['PHP_AUTH_USER']))
	{
		return array(
			'status'		=> LOGIN_ERROR_EXTERNAL_AUTH,
			'error_msg'		=> 'LOGIN_ERROR_EXTERNAL_AUTH_APACHE',
			'user_row'		=> array('user_id' => ANONYMOUS),
		);
	}

	$php_auth_user = $_SERVER['PHP_AUTH_USER'];
	$php_auth_pw = $_SERVER['PHP_AUTH_PW'];

	if (!empty($php_auth_user) && !empty($php_auth_pw))
	{
		if ($php_auth_user !== $username)
		{
			return array(
				'status'	=> LOGIN_ERROR_USERNAME,
				'error_msg'	=> 'LOGIN_ERROR_USERNAME',
				'user_row'	=> array('user_id' => ANONYMOUS),
			);
		}

		$sql = 'SELECT user_id, username, user_password, user_passchg, user_email, user_type
			FROM ' . USERS_TABLE . "
			WHERE username = '" . $db->sql_escape($php_auth_user) . "'";
		$result = $db->sql_query($sql);
		$row = $db->sql_fetchrow($result);
		$db->sql_freeresult($result);

		if ($row)
		{
			// User inactive...
			if ($row['user_type'] == USER_INACTIVE || $row['user_type'] == USER_IGNORE)
			{
				return array(
					'status'		=> LOGIN_ERROR_ACTIVE,
					'error_msg'		=> 'ACTIVE_ERROR',
					'user_row'		=> $row,
				);
			}
	
			// Successful login...
			return array(
				'status'		=> LOGIN_SUCCESS,
				'error_msg'		=> false,
				'user_row'		=> $row,
			);
		}

		// this is the user's first login so create an empty profile
		return array(
			'status'		=> LOGIN_SUCCESS_CREATE_PROFILE,
			'error_msg'		=> false,
			'user_row'		=> user_row_apache($php_auth_user, $php_auth_pw),
		);
	}

	// Not logged into apache
	return array(
		'status'		=> LOGIN_ERROR_EXTERNAL_AUTH,
		'error_msg'		=> 'LOGIN_ERROR_EXTERNAL_AUTH_APACHE',
		'user_row'		=> array('user_id' => ANONYMOUS),
	);
}

/**
* Autologin function
*
* @return array containing the user row or empty if no auto login should take place
*/
function autologin_apache()
{
	global $db;

	if (!isset($_SERVER['PHP_AUTH_USER']))
	{
		return array();
	}

	$php_auth_user = $_SERVER['PHP_AUTH_USER'];
	$php_auth_pw = $_SERVER['PHP_AUTH_PW'];

	if (!empty($php_auth_user) && !empty($php_auth_pw))
	{
		set_var($php_auth_user, $php_auth_user, 'string');
		set_var($php_auth_pw, $php_auth_pw, 'string');

		$sql = 'SELECT *
			FROM ' . USERS_TABLE . "
			WHERE username = '" . $db->sql_escape($php_auth_user) . "'";
		$result = $db->sql_query($sql);
		$row = $db->sql_fetchrow($result);
		$db->sql_freeresult($result);

		if ($row)
		{
			return ($row['user_type'] == USER_INACTIVE || $row['user_type'] == USER_IGNORE) ? array() : $row;
		}

		if (!function_exists('user_add'))
		{
			global $phpbb_root_path, $phpEx;

			include($phpbb_root_path . 'includes/functions_user.' . $phpEx);
		}

		// create the user if he does not exist yet
		user_add(user_row_apache($php_auth_user, $php_auth_pw));

		$sql = 'SELECT *
			FROM ' . USERS_TABLE . "
			WHERE username_clean = '" . $db->sql_escape(utf8_clean_string($php_auth_user)) . "'";
		$result = $db->sql_query($sql);
		$row = $db->sql_fetchrow($result);
		$db->sql_freeresult($result);

		if ($row)
		{
			return $row;
		}
	}

	return array();
}

/**
* This function generates an array which can be passed to the user_add function in order to create a user
*/
function user_row_apache($username, $password)
{
	global $db, $config, $user;
	// first retrieve default group id
	$sql = 'SELECT group_id
		FROM ' . GROUPS_TABLE . "
		WHERE group_name = '" . $db->sql_escape('REGISTERED') . "'
			AND group_type = " . GROUP_SPECIAL;
	$result = $db->sql_query($sql);
	$row = $db->sql_fetchrow($result);
	$db->sql_freeresult($result);

	if (!$row)
	{
		trigger_error('NO_GROUP');
	}

	// generate user account data
	return array(
		'username'		=> $username,
		'user_password'	=> phpbb_hash($password),
		'user_email'	=> '',
		'group_id'		=> (int) $row['group_id'],
		'user_type'		=> USER_NORMAL,
		'user_ip'		=> $user->ip,
	);
}

/**
* The session validation function checks whether the user is still logged in
*
* @return boolean true if the given user is authenticated or false if the session should be closed
*/
function validate_session_apache(&$user)
{
	if (!isset($_SERVER['PHP_AUTH_USER']))
	{
		return false;
	}

	$php_auth_user = '';
	set_var($php_auth_user, $_SERVER['PHP_AUTH_USER'], 'string');

	return ($php_auth_user === $user['username']) ? true : false;
}

?>

443 by dcoles Added Forum application along with unmodifed version of phpBB3 "Olympus" 3.0.0	1	<?php
	2	/**
	3	* Apache auth plug-in for phpBB3
	4	*
	5	* Authentication plug-ins is largely down to Sergey Kanareykin, our thanks to him.
	6	*
	7	* @package login
	8	* @version $Id: auth_apache.php,v 1.18 2007/10/05 12:42:06 acydburn Exp $
	9	* @copyright (c) 2005 phpBB Group
	10	* @license http://opensource.org/licenses/gpl-license.php GNU Public License
	11	*
	12	*/
	13
	14	/**
	15	* @ignore
	16	*/
	17	if (!defined('IN_PHPBB'))
	18	{
	19	exit;
	20	}
	21
	22	/**
	23	* Checks whether the user is identified to apache
	24	* Only allow changing authentication to apache if the user is identified
	25	* Called in acp_board while setting authentication plugins
	26	*
	27	* @return boolean\|string false if the user is identified and else an error message
	28	*/
	29	function init_apache()
	30	{
	31	global $user;
	32
	33	if (!isset($_SERVER['PHP_AUTH_USER']) \|\| $user->data['username'] !== $_SERVER['PHP_AUTH_USER'])
	34	{
	35	return $user->lang['APACHE_SETUP_BEFORE_USE'];
	36	}
	37	return false;
	38	}
	39
	40	/**
	41	* Login function
	42	*/
	43	function login_apache(&$username, &$password)
	44	{
	45	global $db;
	46
	47	// do not allow empty password
	48	if (!$password)
	49	{
	50	return array(
	51	'status' => LOGIN_BREAK,
	52	'error_msg' => 'NO_PASSWORD_SUPPLIED',
	53	);
	54	}
	55
	56	if (!isset($_SERVER['PHP_AUTH_USER']))
	57	{
	58	return array(
	59	'status' => LOGIN_ERROR_EXTERNAL_AUTH,
	60	'error_msg' => 'LOGIN_ERROR_EXTERNAL_AUTH_APACHE',
	61	'user_row' => array('user_id' => ANONYMOUS),
	62	);
	63	}
	64
65	$php_auth_user = $_SERVER['PHP_AUTH_USER'];
66	$php_auth_pw = $_SERVER['PHP_AUTH_PW'];
67
68	if (!empty($php_auth_user) && !empty($php_auth_pw))
69	{
70	if ($php_auth_user !== $username)
71	{
72	return array(
73	'status' => LOGIN_ERROR_USERNAME,
74	'error_msg' => 'LOGIN_ERROR_USERNAME',
75	'user_row' => array('user_id' => ANONYMOUS),
76	);
77	}
78
79	$sql = 'SELECT user_id, username, user_password, user_passchg, user_email, user_type
80	FROM ' . USERS_TABLE . "
81	WHERE username = '" . $db->sql_escape($php_auth_user) . "'";
82	$result = $db->sql_query($sql);
83	$row = $db->sql_fetchrow($result);
84	$db->sql_freeresult($result);
85
86	if ($row)
87	{
88	// User inactive...
89	if ($row['user_type'] == USER_INACTIVE \|\| $row['user_type'] == USER_IGNORE)
90	{
91	return array(
92	'status' => LOGIN_ERROR_ACTIVE,
93	'error_msg' => 'ACTIVE_ERROR',
94	'user_row' => $row,
95	);
96	}
97
98	// Successful login...
99	return array(
100	'status' => LOGIN_SUCCESS,
101	'error_msg' => false,
102	'user_row' => $row,
103	);
104	}
105
106	// this is the user's first login so create an empty profile
107	return array(
108	'status' => LOGIN_SUCCESS_CREATE_PROFILE,
109	'error_msg' => false,
110	'user_row' => user_row_apache($php_auth_user, $php_auth_pw),
111	);
112	}
113
114	// Not logged into apache
115	return array(
116	'status' => LOGIN_ERROR_EXTERNAL_AUTH,
117	'error_msg' => 'LOGIN_ERROR_EXTERNAL_AUTH_APACHE',
118	'user_row' => array('user_id' => ANONYMOUS),
119	);
120	}
121
122	/**
123	* Autologin function
124	*
125	* @return array containing the user row or empty if no auto login should take place
126	*/
127	function autologin_apache()
128	{
129	global $db;
130
131	if (!isset($_SERVER['PHP_AUTH_USER']))
132	{
133	return array();
134	}
135
136	$php_auth_user = $_SERVER['PHP_AUTH_USER'];
137	$php_auth_pw = $_SERVER['PHP_AUTH_PW'];
138
139	if (!empty($php_auth_user) && !empty($php_auth_pw))
140	{
141	set_var($php_auth_user, $php_auth_user, 'string');
142	set_var($php_auth_pw, $php_auth_pw, 'string');
143
144	$sql = 'SELECT *
145	FROM ' . USERS_TABLE . "
146	WHERE username = '" . $db->sql_escape($php_auth_user) . "'";
147	$result = $db->sql_query($sql);
148	$row = $db->sql_fetchrow($result);
149	$db->sql_freeresult($result);
150
151	if ($row)
152	{
153	return ($row['user_type'] == USER_INACTIVE \|\| $row['user_type'] == USER_IGNORE) ? array() : $row;
154	}
155
156	if (!function_exists('user_add'))
157	{
158	global $phpbb_root_path, $phpEx;
159
160	include($phpbb_root_path . 'includes/functions_user.' . $phpEx);
161	}
162
163	// create the user if he does not exist yet
164	user_add(user_row_apache($php_auth_user, $php_auth_pw));
165
166	$sql = 'SELECT *
167	FROM ' . USERS_TABLE . "
168	WHERE username_clean = '" . $db->sql_escape(utf8_clean_string($php_auth_user)) . "'";
169	$result = $db->sql_query($sql);
170	$row = $db->sql_fetchrow($result);
171	$db->sql_freeresult($result);
172
173	if ($row)
174	{
175	return $row;
176	}
177	}
178
179	return array();
180	}
181
182	/**
183	* This function generates an array which can be passed to the user_add function in order to create a user
184	*/
185	function user_row_apache($username, $password)
186	{
187	global $db, $config, $user;
188	// first retrieve default group id
189	$sql = 'SELECT group_id
190	FROM ' . GROUPS_TABLE . "
191	WHERE group_name = '" . $db->sql_escape('REGISTERED') . "'
192	AND group_type = " . GROUP_SPECIAL;
193	$result = $db->sql_query($sql);
194	$row = $db->sql_fetchrow($result);
195	$db->sql_freeresult($result);
196
197	if (!$row)
198	{
199	trigger_error('NO_GROUP');
200	}
201
202	// generate user account data
203	return array(
204	'username' => $username,
205	'user_password' => phpbb_hash($password),
206	'user_email' => '',
207	'group_id' => (int) $row['group_id'],
208	'user_type' => USER_NORMAL,
209	'user_ip' => $user->ip,
210	);
211	}
212
213	/**
214	* The session validation function checks whether the user is still logged in
215	*
216	* @return boolean true if the given user is authenticated or false if the session should be closed
217	*/
218	function validate_session_apache(&$user)
219	{
220	if (!isset($_SERVER['PHP_AUTH_USER']))
221	{
222	return false;
223	}
224
225	$php_auth_user = '';
226	set_var($php_auth_user, $_SERVER['PHP_AUTH_USER'], 'string');
227
228	return ($php_auth_user === $user['username']) ? true : false;
229	}
230
231	?>